author | tylermurphy534 <tylermurphy534@gmail.com> | 2022-11-08 20:40:57 -0500 |
---|---|---|
committer | tylermurphy534 <tylermurphy534@gmail.com> | 2022-11-08 20:40:57 -0500 |
commit | c4c70d96952ad67e95a02537b3720a18387d8ddb (patch) | |
tree | f6933e8feff50ec9d7249909ec1fd0bcbd800b1e /src/main.rs | |
parent | error codes (diff) | |
fix non root tamper persist files
Diffstat (limited to 'src/main.rs')
-rw-r--r-- | src/main.rs | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/src/main.rs b/src/main.rs
index 66cff52..cd10277 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,9 +1,10 @@
 use std::fs;
+use std::os::linux::fs::MetadataExt;
 use std::{env, os::unix::prelude::PermissionsExt};
 use std::process::ExitCode;
 use std::time::SystemTime;
 use pwd::Passwd;
-use nix::{unistd};
+use nix::unistd;
 use serde_json::Value;
 extern crate time;
@@ -37,7 +38,7 @@ fn main() -> ExitCode {
 let persist = match allowed(&config, &user.name) {
 Some(data) => data,
 None => {
- eprintln!("Operation Not Permitted. This incidence will be reported.");
+ eprintln!("Operation Not Permitted.");
 return ExitCode::from(ERROR_NOT_AUTHORIZED);
 }
 };
@@ -137,11 +138,28 @@ fn get_terminal_process() -> Option<i32> {
 Some(stat.tty_nr)
 }
+fn is_file_root_only(id: &i32) -> bool {
+ let metadata = match std::fs::metadata(path(&id)) {
+ Ok(data) => data,
+ Err(e) => {
+ if let Some(err) = e.raw_os_error() {
+ return err == 2;
+ }
+ return true
+ }
+ };
+ let perms = metadata.permissions();
+ return perms.mode() == 33200 && metadata.st_uid() == 0 && metadata.st_gid() == 0;
+}
+
 fn get_terminal_config() -> Option<Value> {
 let id = match get_terminal_process() {
 Some(data) => data,
 None => return None
 };
+ if !is_file_root_only(&id) {
+ return None;
+ }
 let data = match std::fs::read_to_string(path(&id)) {
 Ok(data) => data,
 Err(_) => "{}".to_string()
@@ -158,7 +176,7 @@ fn write_terminal_config(id: &i32, data: &str) -> Result<(), Box<dyn std::error:
 unistd::chown(std::path::Path::new(&path(&id)), Some(unistd::Uid::from(0)), Some(unistd::Gid::from(0)))?;
 let metadata = std::fs::metadata(path(&id))?;
 let mut perms = metadata.permissions();
- perms.set_mode(0o0660);
+ perms.set_mode(0o660);
 fs::set_permissions(path(&id), perms)?;
 Ok(())
 } |
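Review bot: `is_file_root_only` validates owner and mode by path, and `get_terminal_config` then opens the same path a second time with `read_to_string`, so the file that was checked and the file that is read are not guaranteed to be the same one; if the directory behind `path(&id)` is writable by a non-root user (not visible in this hunk), the check no longer protects the read. Opening the file once and validating `File::metadata()` on that handle before reading from it removes the gap. In the same helper, `33200` is `0o100660` and `2` is ENOENT; spelling them as `0o100660` and `e.kind() == std::io::ErrorKind::NotFound` makes the policy readable, and the `return true` fallback for an error without an OS code should fail closed instead. `get_terminal_config` continues past the end of the hunk, so the sketch below only replaces the check and the read.

```rust
// Opens the persist file once and validates the handle that is then read,
// so the ownership/mode check and the read always refer to the same file.
fn read_root_only(id: &i32) -> Option<String> {
    let mut file = match fs::File::open(path(&id)) {
        Ok(file) => file,
        // no persist file yet: same "{}" default the caller used before
        Err(e) if e.kind() == std::io::ErrorKind::NotFound => return Some("{}".to_string()),
        Err(_) => return None, // any other error fails closed
    };
    let metadata = file.metadata().ok()?;
    // 0o100660: regular file, read/write for owner and group only
    let root_only = metadata.permissions().mode() == 0o100660
        && metadata.st_uid() == 0
        && metadata.st_gid() == 0;
    if !root_only {
        return None;
    }
    let mut data = String::new();
    std::io::Read::read_to_string(&mut file, &mut data).ok()?;
    Some(data)
}

fn get_terminal_config() -> Option<Value> {
    // … unchanged: get_terminal_process lookup …
    let data = read_root_only(&id)?;
    // … unchanged: rest of get_terminal_config, outside the hunk …
```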